Hi webkit-dev,

Content-Security-Policy 1.0 is nearing Working Group Last Call in the
W3C WebAppSec working group. Over the next few weeks, I'm going to
polish up our implementation of CSP 1.0 to match the final
specification. Our implementation is quite close to the spec, so
these changes should be fairly minor. If you're interested in the
details, please feel encouraged to CC yourself on the meta bug for CSP
1.0: <https://bugs.webkit.org/show_bug.cgi?id=53572>.

The WebAppSec working group is also chartered to create
Content-Security-Policy 1.1, which contains a handful of new
directives and features. Currently, CSP 1.1 is a collection of notes
in a wiki page:
<http://www.w3.org/Security/wiki/Content_Security_Policy#Proposals_for_Version_1.1>.
In the coming weeks, these ideas should take shape into a rough
specification. If you have a feature that you'd like included in CSP
1.1, the best way to provide feedback is to email
public-webappsec at w3.org.

I'm planning to incubate our CSP 1.1 implementation on GitHub in the
following branch: <https://github.com/abarth/webkit/tree/csp11>. If
you're interested in contributing, please feel free to send a pull
request to that branch. As CSP 1.1 matures (both in specification and
implementation), I plan to upstream the csp11 branch using this meta
bug: <https://bugs.webkit.org/show_bug.cgi?id=85558>.

Please let me know if you have any questions or concerns.

Adam